Risk management for e-cash systems with partial real-time audit

Abstract

We analyze “coin-wallet” and “balance-wallet” under partial real-time audit, and compute upper bounds on theft due to the fact that not all the transactions are audited in real time, assuming that everything else is perfect. In particular, we assume that the audit regime holds for innocent players. Let v be the maximum allowed balance in a wallet, 0 ≤ μ ≤ 1 be the fraction of transactions that are audited in real time in an audit round that includes overall n transactions. Assume one unit transactions. We show that for μ << 1 the upper bound on expected theft for coin-wallet is (equation found) (which if v << μ−2 becomes (eμ2 −1)−1), while for plausible parameter choice the bound for a balance-wallet is O(exp(v2=n)). This last bound can become huge in some cases, implying that partial audit, while suitable for coin-wallets with low denomination coins, may be too risky for balance-wallet. Some implications to the design of anonymous and non-anonymous systems are discussed.